Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-47774 (GCVE-0-2026-47774)
Vulnerability from cvelistv5 – Published: 2026-06-17 16:58 – Updated: 2026-06-30 12:10| URL | Tags |
|---|---|
| https://github.com/envoyproxy/envoy/security/advi… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2026/0… | |
| https://access.redhat.com/security/cve/CVE-2026-47774 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487465 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:27114 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26210 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26222 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26231 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26247 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy |
Affected:
< 1.35.11
Affected: >= 1.36.0, < 1.36.7 Affected: >= 1.37.0, < 1.37.3 Affected: >= 1.38.0, < 1.38.1 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.0 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-17T17:05:51.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/04/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T18:00:56.896750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T18:01:59.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:10:01.079Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"name": "RHBZ#2487465",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47774.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27114"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26210"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26222"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26231"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26247"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:26210: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:26222: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:26231: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:26247: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Made public."
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"workarounds": [
{
"lang": "en",
"value": "See the security bulletin for a detailed mitigation procedure."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.35.11"
},
{
"status": "affected",
"version": "\u003e= 1.36.0, \u003c 1.36.7"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.3"
},
{
"status": "affected",
"version": "\u003e= 1.38.0, \u003c 1.38.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T16:58:36.541Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8"
}
],
"source": {
"advisory": "GHSA-22m2-hvr2-xqc8",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47774",
"datePublished": "2026-06-17T16:58:36.541Z",
"dateReserved": "2026-05-19T22:36:16.882Z",
"dateUpdated": "2026-06-30T12:10:01.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-47774",
"date": "2026-07-02",
"epss": "0.00708",
"percentile": "0.48912"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-47774\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-17T18:18:02.643\",\"lastModified\":\"2026-06-30T03:20:24.530\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"envoyproxy\",\"product\":\"envoy\",\"versions\":[{\"version\":\"\u003c 1.35.11\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.36.0, \u003c 1.36.7\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.37.0, \u003c 1.37.3\",\"status\":\"affected\"},{\"version\":\"\u003e= 1.38.0, \u003c 1.38.1\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-17T18:00:56.896750Z\",\"id\":\"CVE-2026-47774\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"},{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/04/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26210\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26222\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26231\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26247\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27114\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-47774\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2487465\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47774.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/06/04/15\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-06-17T17:05:51.998Z\"}}, {\"title\": \"envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-04T00:00:00.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-04T00:00:00.000Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26210: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26222: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26231: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26247: Red Hat OpenShift Service Mesh 3.3\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-04T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-47774\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2487465\", \"name\": \"RHBZ#2487465\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47774.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27114\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26210\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26222\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26231\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26247\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"See the security bulletin for a detailed mitigation procedure.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-409\", \"description\": \"Improper Handling of Highly Compressed Data (Data Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T03:18:50.367Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-47774\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T18:00:56.896750Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T18:01:47.886Z\"}}], \"cna\": {\"title\": \"Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification\", \"source\": {\"advisory\": \"GHSA-22m2-hvr2-xqc8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"envoyproxy\", \"product\": \"envoy\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.35.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.36.0, \u003c 1.36.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.37.0, \u003c 1.37.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.38.0, \u003c 1.38.1\"}]}], \"references\": [{\"url\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8\", \"name\": \"https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-17T16:58:36.541Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-47774\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T03:18:50.367Z\", \"dateReserved\": \"2026-05-19T22:36:16.882Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-17T16:58:36.541Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
bit-envoy-2026-47774
Vulnerability from bitnami_vulndb
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "envoy",
"purl": "pkg:bitnami/envoy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.35.11"
},
{
"introduced": "1.36.0"
},
{
"fixed": "1.36.7"
},
{
"introduced": "1.37.0"
},
{
"fixed": "1.37.3"
},
{
"introduced": "1.38.0"
},
{
"fixed": "1.38.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-47774"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.",
"id": "BIT-envoy-2026-47774",
"modified": "2026-06-22T06:07:36.958Z",
"published": "2026-06-22T05:40:15.331Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/04/15"
},
{
"type": "WEB",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"schema_version": "1.6.2",
"summary": "Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification"
}
FKIE_CVE-2026-47774
Vulnerability from fkie_nvd - Published: 2026-06-17 18:18 - Updated: 2026-06-30 03:207.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.35.11"
},
{
"status": "affected",
"version": "\u003e= 1.36.0, \u003c 1.36.7"
},
{
"status": "affected",
"version": "\u003e= 1.37.0, \u003c 1.37.3"
},
{
"status": "affected",
"version": "\u003e= 1.38.0, \u003c 1.38.1"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic."
}
],
"id": "CVE-2026-47774",
"lastModified": "2026-06-30T03:20:24.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-47774",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T18:00:56.896750Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T18:18:02.643",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/06/04/15"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:26210"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:26222"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:26231"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:26247"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:27114"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47774.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-409"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
RHSA-2026:26210
Vulnerability from csaf_redhat - Published: 2026-06-16 08:46 - Updated: 2026-06-30 04:22A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.12\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.12, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* openshift-service-mesh/istio-proxyv2-rhel9: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26210",
"url": "https://access.redhat.com/errata/RHSA-2026:26210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26210.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.12",
"tracking": {
"current_release_date": "2026-06-30T04:22:18+00:00",
"generator": {
"date": "2026-06-30T04:22:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:26210",
"initial_release_date": "2026-06-16T08:46:30+00:00",
"revision_history": [
{
"date": "2026-06-16T08:46:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T08:46:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:22:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Aafba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1781073616"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780406943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780406549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780525188"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780406629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781069908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1780454966"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ac2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780406943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Acf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780406549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780525188"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780406629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781069908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1780454966"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ae5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780406943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780406549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780525188"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780406629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781069908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1780454966"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780406943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780406549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Abf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780525188"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780406629"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781069908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1780454966"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487465"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "RHBZ#2487465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"release_date": "2026-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:46:30+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.12 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26210"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:523d7042fb9393b224fd44548f7055b9092882364e645b95b0ed93f151103ee3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:587e343cd859881e47a400d35ae4d99eed8ba61d55adf864d0b4a051d49c90e4_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:81ef49c1b622a8932f613cd478698e27bed441173cbab750ca506dbe991a7be5_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:e58217c56fd6e2b931dca68a553533706a8413eabf3c3ed2814a68e70f915d7e_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2a0d3a49fac70f978cbacbe6221ba5c7c7e1f789c2c20c2e5eaf2f1863f420d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a2ad85bfef9cd49a4fe1d7a7147c44172ebf1ef1f5ae4561659452b299f48de_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c2404012746d39079c6246788a0974fdd8f660c6f9578265c2df855a7b674576_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e5685dc1a95816e7d93c32409ca52d9a7975c24907b498aacfff6857ba8665f9_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf1f51ae282488f63aa76c9963b9595afb47bc576824057379d1bcf92bed70e6_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d48edb9f2a55f5f0cd2569c88b8314c9f703ef02974f22fde51d406d744e24f2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d717699897088fa509a6502f765bff0c817d18097046d7a485cd25bc14dbd42f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e20ca32e1f4641c85ae428884211e6fa701f2be0230a8ab0d4eed4cf28cc9bb4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1c7afb9faf38ba8d9154c7d0c5878196fb991a3a2856b54332ea1b46a40121da_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:41926eaff176d83df4c076df99161a55ee395a42e5ccac60c851678e9c0ed256_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5d903e0ccad7f33cf5ffdddab8b199d4aac6b144a8958006b1d352b217a4d929_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92172492762b5b3b15195dc2c627816ffd0068c0741ae5523d510df2d05bc285_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:30de7479aca6bdc71e323cd667d2dec4a120adf1da7b505f8c0972730ef87a86_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:48bbe11575059969889d37f590251e56da1b468b12d2b2f0032162c321108a0a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:4dcf95fc4a6a18af5dfdac190235c571bee3d750d4b829771781aeab14733389_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a7335217f0872592b1ac734aae218085d8a5c230838603ceda1507867ff1c14b_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:45cf8be75aa8bf478dcaa55deed88fef42cadc2290f1ea28b1984d04c35bc908_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:60cc56c7a2697214fbd562e36060bbaf08329994f18037b69bd422fba9e2a114_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6e0e826106365d8a0ee11c7a4e6c79ec83518341f2a175850172211e5a9b0c2d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:bf55dc918a79d92726432fb45be2b61c9e3f3bf6cd139f534b051d85ebbb272d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:afba220ae878102ac25604ec734206c4859eda22973804f89c51d85e6a92184e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:26222
Vulnerability from csaf_redhat - Published: 2026-06-16 08:59 - Updated: 2026-06-30 04:22A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.9\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.9, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* openshift-service-mesh/istio-proxyv2-rhel9: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26222",
"url": "https://access.redhat.com/errata/RHSA-2026:26222"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26222.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.9",
"tracking": {
"current_release_date": "2026-06-30T04:22:19+00:00",
"generator": {
"date": "2026-06-30T04:22:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:26222",
"initial_release_date": "2026-06-16T08:59:03+00:00",
"revision_history": [
{
"date": "2026-06-16T08:59:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T08:59:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:22:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Aad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1781073729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780409215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780408612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780513369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780408152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1780909004"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780409215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780408612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780513369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780408152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aedd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1780909004"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780409215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Afa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780408612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780513369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780408152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ad3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1780909004"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780409215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780408612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780513369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780408152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aa6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1780909004"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487465"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "RHBZ#2487465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"release_date": "2026-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T08:59:03+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26222"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:9ce34e666db0e2233e6c7cd8abec6f1ff1666e280a066121dbdc88fdee5ee8f5_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a6e721cec618a366f6e637eef207e5ac9b1df5b28bf143602f2e650c225a9596_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:d3147f84726a242fb2607b8f90180a6d369fe6bb2c36185da738482e21e35078_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:edd134df753b3489efc2193c51c86f0412f54ea55a9f206cfd06019a62c73d7a_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1320da6136d8524476a1336673f89f8299d8fce9bf4a7890e78e358acc68a600_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:32fb5e53668e0872180d83bc00476a59c249ec22b80f688d79949fab487122ac_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4777696dc53510105af1752f853171546afc636f7153f31044659dc4d619b401_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4b4ef260ada8181e6214bada86f09f4eca5bbab4bad89c905ce09178780f23d9_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:12d10ab7c35446cb17cc5d62b6c24a8d01a70c96f6ff8987007f0a833b869d8f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2a53a1ae23f9233c53e64b8184662f2d7d01ef87a6faca95523c020792772812_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3773a5dd56eeddc0cefcc17be4db773c6149192e7acab0dd6d313bb2cbd98034_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:fa628f1f7283aac46894322071880035672f7190b48321fd24575b15f591d510_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0d296152d81a70b3bc20d85e96d2bf8c47cac0ee36993018cdba702c79e8d4cf_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2e87fc0db414d7b20ca471225ee9f4f7e3e8d6b0d73758bb787f938452b9fef8_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:57cfcd3e3202d88981379ced33bac62bb1dc2da57bb9de5c4b7c1b2005d9fd6d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9198bc607d1c1fdce35760015751103c9746a25444f2507d3f6ab452bb564ce4_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:18b5e5e2b3a8f74d40c18bbd58e84c8031e0eacfeadb9532d6e4a02dab0b1056_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1c296024f2ec78190d8ce84f8e84819f84376c1047026952a1cd2fc4948c4090_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:6991e2da2e80b475a074d5d6f88d369218f3f0685da9cf1681fff832f732332d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d959a970e9e8f3abdeac805802d98a1974e6c564fee39871cfe9ccaa2660ae75_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b7ce5c040e508387ac72012147a6c6c76fcf1be0b8132219eafd92ec4e3d995_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba2aa7c56993a908ca5a92b828d0bdfe05cbd99cace53e2879425b0bb750fa0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4e8b65eb6ff94ee67449fbde63f7800dfece156139fa2facd851f0190bc85f85_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:98741c91d31acc5f8ffceafe6ec78031044e67b272f7bc3613f9121f5d63401f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:ad9538959ca5035ec315dbb597343b67dab3979417fc3003e77888f1a8ed7827_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:26231
Vulnerability from csaf_redhat - Published: 2026-06-16 09:27 - Updated: 2026-06-30 04:22A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.6, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* openshift-service-mesh/istio-proxyv2-rhel9: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26231",
"url": "https://access.redhat.com/errata/RHSA-2026:26231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26231.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.6",
"tracking": {
"current_release_date": "2026-06-30T04:22:19+00:00",
"generator": {
"date": "2026-06-30T04:22:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:26231",
"initial_release_date": "2026-06-16T09:27:21+00:00",
"revision_history": [
{
"date": "2026-06-16T09:27:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T09:27:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:22:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1781074455"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Aa63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780908312"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780404600"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780512461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Abbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780404981"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1780908877"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780908312"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780404600"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780512461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Af3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780404981"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Afdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Acfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1780908877"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780908312"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780404600"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780512461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Afe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780404981"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Af9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1780908877"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1780908312"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780404600"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1780512461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1780404981"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781070967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aa8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1780908877"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487465"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "RHBZ#2487465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"release_date": "2026-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T09:27:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26231"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:57c22050e27874f142225cb52a3cfb48662749fa11badfaefe35c27e9cf6b9d7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a82b4f882835509f53e3f60b395d7e58956ff4158a7ab77a78cc34835624e72_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:86f9149a3246121ec96d3413eb056617530f00808552637a291f27a800932556_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a63c47511101e2fc22f051a057a0b5307a0a546a706e6b4042d7f483ed8e368c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:22fb322dad667f097805440d5f2a9427156a4b3bbc8fe9a2ed3466dbeef3f2f7_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:23e9fbe6e6ea11e832c7f5dba42a6647468b782cacd4e1605e7ac9566cae6108_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:243ebdfcec4c9a5f856112061407632d8a3463f9a22f4b8196ba23bc978d4147_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:616a5e991ed54c8dc00b999dcedd8866fb7ded4d739079470fd306cdee4612b2_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6a98519e5624a785b905790c9714764fc6ddd8ae4027716929397f6f8f5d8fda_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bbdae8c7762d0028990a39ae19e39ff27a4d484563525c7c5f6f446409f2fc1a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f3159b0735f7f25b40b246634e4bf40b668a4ab8d9318d3c0499150b00486a34_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:fe03415d573ef8d4f907795255cec3f61dcc6d864401b6cd7aa45f1685f3b08d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0c8b094d37be696f55f4a7f3bacc89df0d7d8758ef726aa4cced8c675cedd893_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:566720d2683ddc21de68ec4a7d06998565a5b307328b62188c00a859aa01416a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f9ad974659eaa7fb581635dc7dec5f7e561d12f39ca11fef16b416fc9634a964_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:fdab7c58feb092e4e4adcbb95c2375bdfd76fb9702539e7b92577c8197282364_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3b72a06f6d0bc5a74107c7edb87af64e1878779a09946d72e6b5f181bf0f0a27_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3cd40ea42fc8ac197bd3f54b4e799b4e294e14081c73b9d6011bf50b08bdff59_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8387e7640fb308b1da2ec996a1367d8da3c9a1d6b8b51a4a4c5255acd5c1cca9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e61db9b8fb75e91717ebe5819e04212aa71b65c9e098ad800c9b03f82c38704f_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:83ffcd8afe730203afd97713292fb56e29a120b6296d03439c0e8e8cf3013186_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0c76e3710d2b156ab849a801cdfd9d4af713bf05928968a290e2e23ea7bfc6da_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:485865eb1b84b371b8584b05833a4f46267cd6ae7d748d9420cf3211fa67b513_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a8482ac8a8eb9a7e8f06abc2f8808089ac657425c6b497ab0a16a6d45780aeed_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:cfb768203c4fdd29e8229db912e47bc381dcd3841cfad9ae592461dc6b99fba5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:26247
Vulnerability from csaf_redhat - Published: 2026-06-16 10:02 - Updated: 2026-06-30 04:22A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.3.4\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.3.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* openshift-service-mesh/istio-proxyv2-rhel9: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26247",
"url": "https://access.redhat.com/errata/RHSA-2026:26247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26247.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.4",
"tracking": {
"current_release_date": "2026-06-30T04:22:20+00:00",
"generator": {
"date": "2026-06-30T04:22:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:26247",
"initial_release_date": "2026-06-16T10:02:04+00:00",
"revision_history": [
{
"date": "2026-06-16T10:02:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T10:02:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:22:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ae3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1781098162"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1781093422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ac25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780424801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aefa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1781093343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1781093362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781094520"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1781094215"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ad25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1781093422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780424801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1781093343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1781093362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Adf8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781094520"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1781094215"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1781093422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780424801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1781093343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1781093362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Adb328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781094520"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aa0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1781094215"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1781093422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1780424801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1781093343"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1781093362"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1781094520"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1781094215"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487465"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "RHBZ#2487465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"release_date": "2026-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T10:02:04+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26247"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:59fe5085f0c9e3aeeee3f34c1f76df7eb636ea090d8d3128c425a4c32b71fd69_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:66ad6ad07870afc1357b1480c0c591a86e206ca76cbddd9dd5efb8812569537b_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7c93788b8c6eb3d36d80a8e0fb66b7db370ccd50fb78cf2d2378d14a05f87a9a_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d25c8161022288f9f9ba42c75f250e20122892891499c3d3e165d939d421e746_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8450eb411dd1f37f5b4a7edeb2afb17c5f7794ee75e1c2c09113d46415fc7318_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c25237a503e63fc6fe16f03c783df49e03d7ffe87753cdbcfb3a07b17bff6aa7_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d678c75a3bdb0eb72505e82c5ee3cdc17a43c466aa9a2b48d5749ea25a509656_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d71f9ff7b96d37596b2d2120e53caef09d336bf8e0fa629a4ca19e895855db21_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2aafc7b43e740a0b829afd1017c3843e24d2818f9361620557588cd2141cb718_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:616565cc2d12ee3f399d19117878d4d4dcf65d60d6ce3befaea68b20663db7e5_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:96d1dac863cc10892fcc1381695077193dd0d00d6c719a1024422059f69e65bb_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d94b79e1ddb87b4e2181408afc11cb84bd6a9c749028faa3653412f19de5a511_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:215cb6b3601b4717644a989d834603079201ca5b7d5f235123d515ac35c51088_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c39845ef1238ded68ad33f97189bc6e4414c80967c8edb1a6b779920a9818d7e_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:db328d4648c30a8080dba6cc40a9d077d172ee8383137ba897b71a987167e8a7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:df8f04d5ef0803440579658d273900bb9f643e91e89a3986de19c362aa7d3539_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:39c2eea423cd822eac5537b21fd74b24732d891c726dabade2eee516dff1abf9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:93edf7112509fec39c838a52724ec19fc7ec948a0f4aeaacd6092fd7648e0b7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:efa1d5925639c397d82967b0fc36f8a9695abc940b88061734b91fb25afb0b74_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f13c5423bb47b3e1e2ed5e137c47b3616898f1bdb4ff5316b029500e3334c448_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e3712a16441ba402c3df852b757d2d04b83772cd3bb1858688c5df2faf9b9a77_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:0ee97c0bace1ef2b81886d2607dbd6cee91494544c30d88e1fb030f7018b1713_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:74b54c37135730492f98ddd75c9e9998e281ac71730692f77a676879b5135ac2_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:a0af444b19f15990a251a1de7de89e45400ee62612d2a12c98d917f99349e560_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c91642247486c86586ec5328e0e0ddffe0fa891d31eff59ff7af80d412a2a02b_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
}
]
}
RHSA-2026:27114
Vulnerability from csaf_redhat - Published: 2026-06-18 14:45 - Updated: 2026-06-30 04:22A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64 | — |
Workaround
|
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.6.17\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 2.6.17, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* proxyv2-rhel9: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)\n\n* proxyv2-rhel9: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:27114",
"url": "https://access.redhat.com/errata/RHSA-2026:27114"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-49975",
"url": "https://access.redhat.com/security/cve/CVE-2026-49975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-47774",
"url": "https://access.redhat.com/security/cve/cve-2026-47774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-49975",
"url": "https://access.redhat.com/security/cve/cve-2026-49975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27114.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.17",
"tracking": {
"current_release_date": "2026-06-30T04:22:28+00:00",
"generator": {
"date": "2026-06-30T04:22:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:27114",
"initial_release_date": "2026-06-18T14:45:35+00:00",
"revision_history": [
{
"date": "2026-06-18T14:45:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T14:45:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:22:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256%3A91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Af1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256%3Aff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256%3A9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ab046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256%3Aaeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487465"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47774"
},
{
"category": "external",
"summary": "RHBZ#2487465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
}
],
"release_date": "2026-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T14:45:35+00:00",
"details": "See Red Hat OpenShift Service Mesh 2.6.17 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27114"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
},
{
"cve": "CVE-2026-49975",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-06-05T06:04:44.009000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2485371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Apache\u0027s `httpd` HTTP/2 protocol implementation has a denial-of-service (DoS) vulnerability that is rated as Important. An unauthenticated remote attacker can exploit this flaw by combining HPACK compression with flow control manipulation, leading to significant server memory exhaustion and rendering the service inaccessible. This vulnerability exists in default HTTP/2 configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-49975"
},
{
"category": "external",
"summary": "RHBZ#2485371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
},
{
"category": "external",
"summary": "RHSB-2026-007",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975"
},
{
"category": "external",
"summary": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb",
"url": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb"
}
],
"release_date": "2026-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-18T14:45:35+00:00",
"details": "See Red Hat OpenShift Service Mesh 2.6.17 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:27114"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack"
}
]
}
WID-SEC-W-2026-1948
Vulnerability from csaf_certbund - Published: 2026-06-16 22:00 - Updated: 2026-06-16 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Mesh 3.0.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:mesh_3.0.12
|
Mesh 3.0.12 | |
|
Red Hat OpenShift Mesh 3.3.4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:mesh_3.3.4
|
Mesh 3.3.4 | |
|
Red Hat OpenShift Mesh 3.2.6
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:mesh_3.2.6
|
Mesh 3.2.6 | |
|
Red Hat OpenShift Mesh 3.1.9
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:mesh_3.1.9
|
Mesh 3.1.9 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Service Mesh ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1948 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1948.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1948 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1948"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26210 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26222 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26222"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26231 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26247 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26247"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Service Mesh (envoy): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:09:53.205+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1948",
"initial_release_date": "2026-06-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Mesh 3.0.12",
"product": {
"name": "Red Hat OpenShift Mesh 3.0.12",
"product_id": "T055465",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:mesh_3.0.12"
}
}
},
{
"category": "product_version",
"name": "Mesh 3.1.9",
"product": {
"name": "Red Hat OpenShift Mesh 3.1.9",
"product_id": "T055466",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:mesh_3.1.9"
}
}
},
{
"category": "product_version",
"name": "Mesh 3.2.6",
"product": {
"name": "Red Hat OpenShift Mesh 3.2.6",
"product_id": "T055467",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:mesh_3.2.6"
}
}
},
{
"category": "product_version",
"name": "Mesh 3.3.4",
"product": {
"name": "Red Hat OpenShift Mesh 3.3.4",
"product_id": "T055468",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:mesh_3.3.4"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47774",
"product_status": {
"known_affected": [
"T055465",
"T055468",
"T055467",
"T055466"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-47774"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.